There is likely about 30,000 websites that is vulnerable to this attack, according to security experts.

Researchers are warning of an attack that takes an SQL injection to the next level by masking malicious code behind legitimate domains.

Discovered in January 2011, the new SQL injection variant, which security researchers are calling a mass meshing attack , combines a SQL injection attack coupled with a drive-by download.

While the exact mechanism of infection is still undetermined, it is likely due to automated injection via stolen FTP credentials or other backdoor mechanisms, according to Wayne Huang, chief technology officer at Armorize, who headed the research team that detected the new attack.